auth_hash_check_time
The auth_hash_check_time directive specifies the time parameters used to validate a secure link's timestamp in NGINX.
Description
The auth_hash_check_time directive is used in the context of secure link hash authentications to specify how timestamps should be checked during the authentication process. This directive allows for a variety of time formats and can control the start and end range for valid timestamps. It can accept one or more parameters, which can include the timestamp variable, start time, end time, and a specified format for the time values. This enables precise control over the expiration of links that involve security checks based on time.
When using this directive, you also have the ability to enforce strict checks regarding when a secure link is considered valid. By including a start range and end range, it defines an exact time window in which the hash token is deemed valid, hence improving security. If a link is accessed outside this time range, it can trigger an authentication failure, thereby preventing unauthorized access after the validity period.
The parameter for auth_hash_check_time can be a combination of different time formats like Unix timestamps, different date formats, or even custom-defined formats based on the user’s needs. This flexibility is essential for developers needing to adapt to multiple use cases involving time-sensitive secure links.
Config Example
location ^~ /secure/ {
auth_hash on;
auth_hash_check_time $arg_ts range_end=$arg_e format=%s;
# Other configurations...
}The time_variable must be properly defined; otherwise, the directive will not function correctly.
Incorrect format specifications may lead to time validation failures.
Ensure that provided start and end times are adequately set to avoid unintentional denial of service. Adjust the time format to match your needs.